You can set Cross Origin Resource Sharing(CORS) for objects in buckets through the COS Console. COS supports configuring multiple rules to respond to OPTIONS requests. CORS is a mechanism that allows resources at one origin to be requested from another origin through HTTP requests. Origins are deemed different from each other as long as their protocols, domain names or ports are different.
COS supports response to OPTIONS requests for CORS, and returns specific rules set by developers to browsers, but the server does not verify whether subsequent cross-origin requests conform to the rules. For more information, see Cross-Origin Resource Sharing.
Log in to the COS Console, and then select the Bucket List in the left pane to go to the Bucket List page. Click the bucket of the object for which you want to set CORS to enter the bucket.
Click Basic Configuration to go to the Basic Configuration page of the bucket, find CORS Settings, and click Add Rule.
Add rule information (Fields with * are required). Configuration items are as follows:
Source Origin: The domain names allowed for cross-origin requests.
*is supported, which means all domain names are allowed. Not recommended.
http://*.abc.com. Only one second-level wildcard domain name with only one
*in it is allowed per line.
Operating Methods: GET, PUT, POST, DELETE, and HEAD are supported. Enumeration of one or more methods is allowed for a cross-domain request.
Allow-Headers: Allow-Header is used to notify the server about which custom HTTP request headers are allowed for subsequent requests when an OPTIONS request is sent, such as x-cos-meta-md5.
*to indicate that all headers are allowed if there is no special requirement.
_) are allowed.
Expose-Headers: Expose-Header returns a common header for COS. For more information, see the Common Request Headers. The configuration should be specific to the requirements of application. Etag is recommended. Wildcard is not allowed. Headers are case insensitive, with one header per line.
Timeout Max-Age: Sets the validity period (in seconds) of the results obtained by OPTIONS. The value must be a positive integer, such as 600.
After configuration, click Submit and you will see the CORS rules added. To modify it, click the Modify button.